diff options
-rw-r--r-- | include/net/dst.h | 16 | ||||
-rw-r--r-- | include/net/flow.h | 9 | ||||
-rw-r--r-- | net/core/flow.c | 4 | ||||
-rw-r--r-- | net/dccp/ipv6.c | 10 | ||||
-rw-r--r-- | net/decnet/dn_route.c | 6 | ||||
-rw-r--r-- | net/ipv4/icmp.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter.c | 4 | ||||
-rw-r--r-- | net/ipv4/route.c | 2 | ||||
-rw-r--r-- | net/ipv6/af_inet6.c | 2 | ||||
-rw-r--r-- | net/ipv6/datagram.c | 3 | ||||
-rw-r--r-- | net/ipv6/icmp.c | 6 | ||||
-rw-r--r-- | net/ipv6/inet6_connection_sock.c | 2 | ||||
-rw-r--r-- | net/ipv6/ip6_tunnel.c | 5 | ||||
-rw-r--r-- | net/ipv6/mcast.c | 4 | ||||
-rw-r--r-- | net/ipv6/ndisc.c | 4 | ||||
-rw-r--r-- | net/ipv6/netfilter.c | 2 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 2 | ||||
-rw-r--r-- | net/ipv6/raw.c | 3 | ||||
-rw-r--r-- | net/ipv6/syncookies.c | 2 | ||||
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 11 | ||||
-rw-r--r-- | net/ipv6/udp.c | 3 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 38 |
22 files changed, 75 insertions, 67 deletions
diff --git a/include/net/dst.h b/include/net/dst.h index 6c778799bf10..6be3b082a070 100644 --- a/include/net/dst.h +++ b/include/net/dst.h | |||
@@ -291,21 +291,21 @@ enum { | |||
291 | 291 | ||
292 | struct flowi; | 292 | struct flowi; |
293 | #ifndef CONFIG_XFRM | 293 | #ifndef CONFIG_XFRM |
294 | static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | 294 | static inline int xfrm_lookup(struct net *net, struct dst_entry **dst_p, |
295 | struct sock *sk, int flags) | 295 | struct flowi *fl, struct sock *sk, int flags) |
296 | { | 296 | { |
297 | return 0; | 297 | return 0; |
298 | } | 298 | } |
299 | static inline int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | 299 | static inline int __xfrm_lookup(struct net *net, struct dst_entry **dst_p, |
300 | struct sock *sk, int flags) | 300 | struct flowi *fl, struct sock *sk, int flags) |
301 | { | 301 | { |
302 | return 0; | 302 | return 0; |
303 | } | 303 | } |
304 | #else | 304 | #else |
305 | extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | 305 | extern int xfrm_lookup(struct net *net, struct dst_entry **dst_p, |
306 | struct sock *sk, int flags); | 306 | struct flowi *fl, struct sock *sk, int flags); |
307 | extern int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | 307 | extern int __xfrm_lookup(struct net *net, struct dst_entry **dst_p, |
308 | struct sock *sk, int flags); | 308 | struct flowi *fl, struct sock *sk, int flags); |
309 | #endif | 309 | #endif |
310 | #endif | 310 | #endif |
311 | 311 | ||
diff --git a/include/net/flow.h b/include/net/flow.h index b45a5e4fcadd..809970b7dfee 100644 --- a/include/net/flow.h +++ b/include/net/flow.h | |||
@@ -84,12 +84,13 @@ struct flowi { | |||
84 | #define FLOW_DIR_OUT 1 | 84 | #define FLOW_DIR_OUT 1 |
85 | #define FLOW_DIR_FWD 2 | 85 | #define FLOW_DIR_FWD 2 |
86 | 86 | ||
87 | struct net; | ||
87 | struct sock; | 88 | struct sock; |
88 | typedef int (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir, | 89 | typedef int (*flow_resolve_t)(struct net *net, struct flowi *key, u16 family, |
89 | void **objp, atomic_t **obj_refp); | 90 | u8 dir, void **objp, atomic_t **obj_refp); |
90 | 91 | ||
91 | extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, | 92 | extern void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, |
92 | flow_resolve_t resolver); | 93 | u8 dir, flow_resolve_t resolver); |
93 | extern void flow_cache_flush(void); | 94 | extern void flow_cache_flush(void); |
94 | extern atomic_t flow_cache_genid; | 95 | extern atomic_t flow_cache_genid; |
95 | 96 | ||
diff --git a/net/core/flow.c b/net/core/flow.c index d323388dd1ba..96015871ecea 100644 --- a/net/core/flow.c +++ b/net/core/flow.c | |||
@@ -165,7 +165,7 @@ static int flow_key_compare(struct flowi *key1, struct flowi *key2) | |||
165 | return 0; | 165 | return 0; |
166 | } | 166 | } |
167 | 167 | ||
168 | void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, | 168 | void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir, |
169 | flow_resolve_t resolver) | 169 | flow_resolve_t resolver) |
170 | { | 170 | { |
171 | struct flow_cache_entry *fle, **head; | 171 | struct flow_cache_entry *fle, **head; |
@@ -225,7 +225,7 @@ nocache: | |||
225 | void *obj; | 225 | void *obj; |
226 | atomic_t *obj_ref; | 226 | atomic_t *obj_ref; |
227 | 227 | ||
228 | err = resolver(key, family, dir, &obj, &obj_ref); | 228 | err = resolver(net, key, family, dir, &obj, &obj_ref); |
229 | 229 | ||
230 | if (fle && !err) { | 230 | if (fle && !err) { |
231 | fle->genid = atomic_read(&flow_cache_genid); | 231 | fle->genid = atomic_read(&flow_cache_genid); |
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index f033e845bb07..b963f35c65f6 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c | |||
@@ -168,7 +168,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
168 | goto out; | 168 | goto out; |
169 | } | 169 | } |
170 | 170 | ||
171 | err = xfrm_lookup(&dst, &fl, sk, 0); | 171 | err = xfrm_lookup(net, &dst, &fl, sk, 0); |
172 | if (err < 0) { | 172 | if (err < 0) { |
173 | sk->sk_err_soft = -err; | 173 | sk->sk_err_soft = -err; |
174 | goto out; | 174 | goto out; |
@@ -279,7 +279,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req) | |||
279 | if (final_p) | 279 | if (final_p) |
280 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 280 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
281 | 281 | ||
282 | err = xfrm_lookup(&dst, &fl, sk, 0); | 282 | err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0); |
283 | if (err < 0) | 283 | if (err < 0) |
284 | goto done; | 284 | goto done; |
285 | 285 | ||
@@ -343,7 +343,7 @@ static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb) | |||
343 | 343 | ||
344 | /* sk = NULL, but it is safe for now. RST socket required. */ | 344 | /* sk = NULL, but it is safe for now. RST socket required. */ |
345 | if (!ip6_dst_lookup(ctl_sk, &skb->dst, &fl)) { | 345 | if (!ip6_dst_lookup(ctl_sk, &skb->dst, &fl)) { |
346 | if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) { | 346 | if (xfrm_lookup(net, &skb->dst, &fl, NULL, 0) >= 0) { |
347 | ip6_xmit(ctl_sk, skb, &fl, NULL, 0); | 347 | ip6_xmit(ctl_sk, skb, &fl, NULL, 0); |
348 | DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS); | 348 | DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS); |
349 | DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS); | 349 | DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS); |
@@ -569,7 +569,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, | |||
569 | if (final_p) | 569 | if (final_p) |
570 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 570 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
571 | 571 | ||
572 | if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) | 572 | if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) |
573 | goto out; | 573 | goto out; |
574 | } | 574 | } |
575 | 575 | ||
@@ -1004,7 +1004,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
1004 | if (final_p) | 1004 | if (final_p) |
1005 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 1005 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
1006 | 1006 | ||
1007 | err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT); | 1007 | err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT); |
1008 | if (err < 0) { | 1008 | if (err < 0) { |
1009 | if (err == -EREMOTE) | 1009 | if (err == -EREMOTE) |
1010 | err = ip6_dst_blackhole(sk, &dst, &fl); | 1010 | err = ip6_dst_blackhole(sk, &dst, &fl); |
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c index 768df000523b..eeaa3d819f9c 100644 --- a/net/decnet/dn_route.c +++ b/net/decnet/dn_route.c | |||
@@ -1184,7 +1184,7 @@ static int dn_route_output_key(struct dst_entry **pprt, struct flowi *flp, int f | |||
1184 | 1184 | ||
1185 | err = __dn_route_output_key(pprt, flp, flags); | 1185 | err = __dn_route_output_key(pprt, flp, flags); |
1186 | if (err == 0 && flp->proto) { | 1186 | if (err == 0 && flp->proto) { |
1187 | err = xfrm_lookup(pprt, flp, NULL, 0); | 1187 | err = xfrm_lookup(&init_net, pprt, flp, NULL, 0); |
1188 | } | 1188 | } |
1189 | return err; | 1189 | return err; |
1190 | } | 1190 | } |
@@ -1195,8 +1195,8 @@ int dn_route_output_sock(struct dst_entry **pprt, struct flowi *fl, struct sock | |||
1195 | 1195 | ||
1196 | err = __dn_route_output_key(pprt, fl, flags & MSG_TRYHARD); | 1196 | err = __dn_route_output_key(pprt, fl, flags & MSG_TRYHARD); |
1197 | if (err == 0 && fl->proto) { | 1197 | if (err == 0 && fl->proto) { |
1198 | err = xfrm_lookup(pprt, fl, sk, (flags & MSG_DONTWAIT) ? | 1198 | err = xfrm_lookup(&init_net, pprt, fl, sk, |
1199 | 0 : XFRM_LOOKUP_WAIT); | 1199 | (flags & MSG_DONTWAIT) ? 0 : XFRM_LOOKUP_WAIT); |
1200 | } | 1200 | } |
1201 | return err; | 1201 | return err; |
1202 | } | 1202 | } |
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 7b88be9803b1..705b33b184a3 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c | |||
@@ -562,7 +562,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
562 | /* No need to clone since we're just using its address. */ | 562 | /* No need to clone since we're just using its address. */ |
563 | rt2 = rt; | 563 | rt2 = rt; |
564 | 564 | ||
565 | err = xfrm_lookup((struct dst_entry **)&rt, &fl, NULL, 0); | 565 | err = xfrm_lookup(net, (struct dst_entry **)&rt, &fl, NULL, 0); |
566 | switch (err) { | 566 | switch (err) { |
567 | case 0: | 567 | case 0: |
568 | if (rt != rt2) | 568 | if (rt != rt2) |
@@ -601,7 +601,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
601 | if (err) | 601 | if (err) |
602 | goto relookup_failed; | 602 | goto relookup_failed; |
603 | 603 | ||
604 | err = xfrm_lookup((struct dst_entry **)&rt2, &fl, NULL, | 604 | err = xfrm_lookup(net, (struct dst_entry **)&rt2, &fl, NULL, |
605 | XFRM_LOOKUP_ICMP); | 605 | XFRM_LOOKUP_ICMP); |
606 | switch (err) { | 606 | switch (err) { |
607 | case 0: | 607 | case 0: |
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index 6efdb70b3eb2..c99eecf89da5 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c | |||
@@ -66,7 +66,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) | |||
66 | #ifdef CONFIG_XFRM | 66 | #ifdef CONFIG_XFRM |
67 | if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && | 67 | if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && |
68 | xfrm_decode_session(skb, &fl, AF_INET) == 0) | 68 | xfrm_decode_session(skb, &fl, AF_INET) == 0) |
69 | if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) | 69 | if (xfrm_lookup(net, &skb->dst, &fl, skb->sk, 0)) |
70 | return -1; | 70 | return -1; |
71 | #endif | 71 | #endif |
72 | 72 | ||
@@ -97,7 +97,7 @@ int ip_xfrm_me_harder(struct sk_buff *skb) | |||
97 | dst = ((struct xfrm_dst *)dst)->route; | 97 | dst = ((struct xfrm_dst *)dst)->route; |
98 | dst_hold(dst); | 98 | dst_hold(dst); |
99 | 99 | ||
100 | if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0) | 100 | if (xfrm_lookup(dev_net(dst->dev), &dst, &fl, skb->sk, 0) < 0) |
101 | return -1; | 101 | return -1; |
102 | 102 | ||
103 | dst_release(skb->dst); | 103 | dst_release(skb->dst); |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 4e6959c29819..77bfba975959 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
@@ -2761,7 +2761,7 @@ int ip_route_output_flow(struct net *net, struct rtable **rp, struct flowi *flp, | |||
2761 | flp->fl4_src = (*rp)->rt_src; | 2761 | flp->fl4_src = (*rp)->rt_src; |
2762 | if (!flp->fl4_dst) | 2762 | if (!flp->fl4_dst) |
2763 | flp->fl4_dst = (*rp)->rt_dst; | 2763 | flp->fl4_dst = (*rp)->rt_dst; |
2764 | err = __xfrm_lookup((struct dst_entry **)rp, flp, sk, | 2764 | err = __xfrm_lookup(net, (struct dst_entry **)rp, flp, sk, |
2765 | flags ? XFRM_LOOKUP_WAIT : 0); | 2765 | flags ? XFRM_LOOKUP_WAIT : 0); |
2766 | if (err == -EREMOTE) | 2766 | if (err == -EREMOTE) |
2767 | err = ipv4_dst_blackhole(net, rp, flp); | 2767 | err = ipv4_dst_blackhole(net, rp, flp); |
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 01edac888510..437b750b98fd 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c | |||
@@ -637,7 +637,7 @@ int inet6_sk_rebuild_header(struct sock *sk) | |||
637 | if (final_p) | 637 | if (final_p) |
638 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 638 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
639 | 639 | ||
640 | if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { | 640 | if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) { |
641 | sk->sk_err_soft = -err; | 641 | sk->sk_err_soft = -err; |
642 | return err; | 642 | return err; |
643 | } | 643 | } |
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index e44deb8d4df2..e2bdc6d83a43 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c | |||
@@ -175,7 +175,8 @@ ipv4_connected: | |||
175 | if (final_p) | 175 | if (final_p) |
176 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 176 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
177 | 177 | ||
178 | if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { | 178 | err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT); |
179 | if (err < 0) { | ||
179 | if (err == -EREMOTE) | 180 | if (err == -EREMOTE) |
180 | err = ip6_dst_blackhole(sk, &dst, &fl); | 181 | err = ip6_dst_blackhole(sk, &dst, &fl); |
181 | if (err < 0) | 182 | if (err < 0) |
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index a77b8d103804..4f433847d95f 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c | |||
@@ -427,7 +427,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, | |||
427 | /* No need to clone since we're just using its address. */ | 427 | /* No need to clone since we're just using its address. */ |
428 | dst2 = dst; | 428 | dst2 = dst; |
429 | 429 | ||
430 | err = xfrm_lookup(&dst, &fl, sk, 0); | 430 | err = xfrm_lookup(net, &dst, &fl, sk, 0); |
431 | switch (err) { | 431 | switch (err) { |
432 | case 0: | 432 | case 0: |
433 | if (dst != dst2) | 433 | if (dst != dst2) |
@@ -446,7 +446,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, | |||
446 | if (ip6_dst_lookup(sk, &dst2, &fl)) | 446 | if (ip6_dst_lookup(sk, &dst2, &fl)) |
447 | goto relookup_failed; | 447 | goto relookup_failed; |
448 | 448 | ||
449 | err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); | 449 | err = xfrm_lookup(net, &dst2, &fl, sk, XFRM_LOOKUP_ICMP); |
450 | switch (err) { | 450 | switch (err) { |
451 | case 0: | 451 | case 0: |
452 | dst_release(dst); | 452 | dst_release(dst); |
@@ -552,7 +552,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb) | |||
552 | err = ip6_dst_lookup(sk, &dst, &fl); | 552 | err = ip6_dst_lookup(sk, &dst, &fl); |
553 | if (err) | 553 | if (err) |
554 | goto out; | 554 | goto out; |
555 | if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) | 555 | if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) |
556 | goto out; | 556 | goto out; |
557 | 557 | ||
558 | if (ipv6_addr_is_multicast(&fl.fl6_dst)) | 558 | if (ipv6_addr_is_multicast(&fl.fl6_dst)) |
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c index 16d43f20b32f..3c3732d50c1a 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c | |||
@@ -219,7 +219,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok) | |||
219 | if (final_p) | 219 | if (final_p) |
220 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 220 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
221 | 221 | ||
222 | if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { | 222 | if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) { |
223 | sk->sk_route_caps = 0; | 223 | sk->sk_route_caps = 0; |
224 | kfree_skb(skb); | 224 | kfree_skb(skb); |
225 | return err; | 225 | return err; |
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index ef249ab5c93c..58e2b0d93758 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c | |||
@@ -846,6 +846,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb, | |||
846 | int encap_limit, | 846 | int encap_limit, |
847 | __u32 *pmtu) | 847 | __u32 *pmtu) |
848 | { | 848 | { |
849 | struct net *net = dev_net(dev); | ||
849 | struct ip6_tnl *t = netdev_priv(dev); | 850 | struct ip6_tnl *t = netdev_priv(dev); |
850 | struct net_device_stats *stats = &t->dev->stats; | 851 | struct net_device_stats *stats = &t->dev->stats; |
851 | struct ipv6hdr *ipv6h = ipv6_hdr(skb); | 852 | struct ipv6hdr *ipv6h = ipv6_hdr(skb); |
@@ -861,9 +862,9 @@ static int ip6_tnl_xmit2(struct sk_buff *skb, | |||
861 | if ((dst = ip6_tnl_dst_check(t)) != NULL) | 862 | if ((dst = ip6_tnl_dst_check(t)) != NULL) |
862 | dst_hold(dst); | 863 | dst_hold(dst); |
863 | else { | 864 | else { |
864 | dst = ip6_route_output(dev_net(dev), NULL, fl); | 865 | dst = ip6_route_output(net, NULL, fl); |
865 | 866 | ||
866 | if (dst->error || xfrm_lookup(&dst, fl, NULL, 0) < 0) | 867 | if (dst->error || xfrm_lookup(net, &dst, fl, NULL, 0) < 0) |
867 | goto tx_err_link_failure; | 868 | goto tx_err_link_failure; |
868 | } | 869 | } |
869 | 870 | ||
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c index 870a1d64605a..0f3896032830 100644 --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c | |||
@@ -1466,7 +1466,7 @@ static void mld_sendpack(struct sk_buff *skb) | |||
1466 | &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, | 1466 | &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, |
1467 | skb->dev->ifindex); | 1467 | skb->dev->ifindex); |
1468 | 1468 | ||
1469 | err = xfrm_lookup(&skb->dst, &fl, NULL, 0); | 1469 | err = xfrm_lookup(net, &skb->dst, &fl, NULL, 0); |
1470 | if (err) | 1470 | if (err) |
1471 | goto err_out; | 1471 | goto err_out; |
1472 | 1472 | ||
@@ -1831,7 +1831,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) | |||
1831 | &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, | 1831 | &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, |
1832 | skb->dev->ifindex); | 1832 | skb->dev->ifindex); |
1833 | 1833 | ||
1834 | err = xfrm_lookup(&skb->dst, &fl, NULL, 0); | 1834 | err = xfrm_lookup(net, &skb->dst, &fl, NULL, 0); |
1835 | if (err) | 1835 | if (err) |
1836 | goto err_out; | 1836 | goto err_out; |
1837 | 1837 | ||
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index af6705f03b5c..e4acc212345e 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c | |||
@@ -524,7 +524,7 @@ void ndisc_send_skb(struct sk_buff *skb, | |||
524 | return; | 524 | return; |
525 | } | 525 | } |
526 | 526 | ||
527 | err = xfrm_lookup(&dst, &fl, NULL, 0); | 527 | err = xfrm_lookup(net, &dst, &fl, NULL, 0); |
528 | if (err < 0) { | 528 | if (err < 0) { |
529 | kfree_skb(skb); | 529 | kfree_skb(skb); |
530 | return; | 530 | return; |
@@ -1524,7 +1524,7 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, | |||
1524 | if (dst == NULL) | 1524 | if (dst == NULL) |
1525 | return; | 1525 | return; |
1526 | 1526 | ||
1527 | err = xfrm_lookup(&dst, &fl, NULL, 0); | 1527 | err = xfrm_lookup(net, &dst, &fl, NULL, 0); |
1528 | if (err) | 1528 | if (err) |
1529 | return; | 1529 | return; |
1530 | 1530 | ||
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index fd5b3a4e3329..627e21db65df 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
@@ -29,7 +29,7 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
29 | #ifdef CONFIG_XFRM | 29 | #ifdef CONFIG_XFRM |
30 | if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && | 30 | if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && |
31 | xfrm_decode_session(skb, &fl, AF_INET6) == 0) | 31 | xfrm_decode_session(skb, &fl, AF_INET6) == 0) |
32 | if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) | 32 | if (xfrm_lookup(net, &skb->dst, &fl, skb->sk, 0)) |
33 | return -1; | 33 | return -1; |
34 | #endif | 34 | #endif |
35 | 35 | ||
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 0981b4ccb8b1..5a2d0a41694a 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -97,7 +97,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) | |||
97 | dst = ip6_route_output(net, NULL, &fl); | 97 | dst = ip6_route_output(net, NULL, &fl); |
98 | if (dst == NULL) | 98 | if (dst == NULL) |
99 | return; | 99 | return; |
100 | if (dst->error || xfrm_lookup(&dst, &fl, NULL, 0)) | 100 | if (dst->error || xfrm_lookup(net, &dst, &fl, NULL, 0)) |
101 | return; | 101 | return; |
102 | 102 | ||
103 | hh_len = (dst->dev->hard_header_len + 15)&~15; | 103 | hh_len = (dst->dev->hard_header_len + 15)&~15; |
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index 2ba04d41dc25..61f6827e5906 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c | |||
@@ -860,7 +860,8 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk, | |||
860 | if (final_p) | 860 | if (final_p) |
861 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 861 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
862 | 862 | ||
863 | if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { | 863 | err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT); |
864 | if (err < 0) { | ||
864 | if (err == -EREMOTE) | 865 | if (err == -EREMOTE) |
865 | err = ip6_dst_blackhole(sk, &dst, &fl); | 866 | err = ip6_dst_blackhole(sk, &dst, &fl); |
866 | if (err < 0) | 867 | if (err < 0) |
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 676c80b5b14b..711175e0571f 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c | |||
@@ -259,7 +259,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
259 | 259 | ||
260 | if (final_p) | 260 | if (final_p) |
261 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 261 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
262 | if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) | 262 | if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) |
263 | goto out_free; | 263 | goto out_free; |
264 | } | 264 | } |
265 | 265 | ||
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index a5d750acd793..f259c9671f3e 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -260,7 +260,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
260 | if (final_p) | 260 | if (final_p) |
261 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 261 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
262 | 262 | ||
263 | if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { | 263 | err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT); |
264 | if (err < 0) { | ||
264 | if (err == -EREMOTE) | 265 | if (err == -EREMOTE) |
265 | err = ip6_dst_blackhole(sk, &dst, &fl); | 266 | err = ip6_dst_blackhole(sk, &dst, &fl); |
266 | if (err < 0) | 267 | if (err < 0) |
@@ -390,7 +391,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
390 | goto out; | 391 | goto out; |
391 | } | 392 | } |
392 | 393 | ||
393 | if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { | 394 | if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) { |
394 | sk->sk_err_soft = -err; | 395 | sk->sk_err_soft = -err; |
395 | goto out; | 396 | goto out; |
396 | } | 397 | } |
@@ -492,7 +493,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req) | |||
492 | goto done; | 493 | goto done; |
493 | if (final_p) | 494 | if (final_p) |
494 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 495 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
495 | if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) | 496 | if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) |
496 | goto done; | 497 | goto done; |
497 | 498 | ||
498 | skb = tcp_make_synack(sk, dst, req); | 499 | skb = tcp_make_synack(sk, dst, req); |
@@ -1018,7 +1019,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, | |||
1018 | * namespace | 1019 | * namespace |
1019 | */ | 1020 | */ |
1020 | if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { | 1021 | if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { |
1021 | if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { | 1022 | if (xfrm_lookup(net, &buff->dst, &fl, NULL, 0) >= 0) { |
1022 | ip6_xmit(ctl_sk, buff, &fl, NULL, 0); | 1023 | ip6_xmit(ctl_sk, buff, &fl, NULL, 0); |
1023 | TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); | 1024 | TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); |
1024 | if (rst) | 1025 | if (rst) |
@@ -1316,7 +1317,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, | |||
1316 | if (final_p) | 1317 | if (final_p) |
1317 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 1318 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
1318 | 1319 | ||
1319 | if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) | 1320 | if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) |
1320 | goto out; | 1321 | goto out; |
1321 | } | 1322 | } |
1322 | 1323 | ||
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index fd2d9ad4a8a3..38390dd19636 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c | |||
@@ -849,7 +849,8 @@ do_udp_sendmsg: | |||
849 | if (final_p) | 849 | if (final_p) |
850 | ipv6_addr_copy(&fl.fl6_dst, final_p); | 850 | ipv6_addr_copy(&fl.fl6_dst, final_p); |
851 | 851 | ||
852 | if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { | 852 | err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT); |
853 | if (err < 0) { | ||
853 | if (err == -EREMOTE) | 854 | if (err == -EREMOTE) |
854 | err = ip6_dst_blackhole(sk, &dst, &fl); | 855 | err = ip6_dst_blackhole(sk, &dst, &fl); |
855 | if (err < 0) | 856 | if (err < 0) |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 6165218fd7c2..7c88a25c7af5 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -940,7 +940,8 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl, | |||
940 | return ret; | 940 | return ret; |
941 | } | 941 | } |
942 | 942 | ||
943 | static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, | 943 | static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type, |
944 | struct flowi *fl, | ||
944 | u16 family, u8 dir) | 945 | u16 family, u8 dir) |
945 | { | 946 | { |
946 | int err; | 947 | int err; |
@@ -956,7 +957,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, | |||
956 | return NULL; | 957 | return NULL; |
957 | 958 | ||
958 | read_lock_bh(&xfrm_policy_lock); | 959 | read_lock_bh(&xfrm_policy_lock); |
959 | chain = policy_hash_direct(&init_net, daddr, saddr, family, dir); | 960 | chain = policy_hash_direct(net, daddr, saddr, family, dir); |
960 | ret = NULL; | 961 | ret = NULL; |
961 | hlist_for_each_entry(pol, entry, chain, bydst) { | 962 | hlist_for_each_entry(pol, entry, chain, bydst) { |
962 | err = xfrm_policy_match(pol, fl, type, family, dir); | 963 | err = xfrm_policy_match(pol, fl, type, family, dir); |
@@ -973,7 +974,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, | |||
973 | break; | 974 | break; |
974 | } | 975 | } |
975 | } | 976 | } |
976 | chain = &init_net.xfrm.policy_inexact[dir]; | 977 | chain = &net->xfrm.policy_inexact[dir]; |
977 | hlist_for_each_entry(pol, entry, chain, bydst) { | 978 | hlist_for_each_entry(pol, entry, chain, bydst) { |
978 | err = xfrm_policy_match(pol, fl, type, family, dir); | 979 | err = xfrm_policy_match(pol, fl, type, family, dir); |
979 | if (err) { | 980 | if (err) { |
@@ -996,14 +997,14 @@ fail: | |||
996 | return ret; | 997 | return ret; |
997 | } | 998 | } |
998 | 999 | ||
999 | static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, | 1000 | static int xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family, |
1000 | void **objp, atomic_t **obj_refp) | 1001 | u8 dir, void **objp, atomic_t **obj_refp) |
1001 | { | 1002 | { |
1002 | struct xfrm_policy *pol; | 1003 | struct xfrm_policy *pol; |
1003 | int err = 0; | 1004 | int err = 0; |
1004 | 1005 | ||
1005 | #ifdef CONFIG_XFRM_SUB_POLICY | 1006 | #ifdef CONFIG_XFRM_SUB_POLICY |
1006 | pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir); | 1007 | pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir); |
1007 | if (IS_ERR(pol)) { | 1008 | if (IS_ERR(pol)) { |
1008 | err = PTR_ERR(pol); | 1009 | err = PTR_ERR(pol); |
1009 | pol = NULL; | 1010 | pol = NULL; |
@@ -1011,7 +1012,7 @@ static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, | |||
1011 | if (pol || err) | 1012 | if (pol || err) |
1012 | goto end; | 1013 | goto end; |
1013 | #endif | 1014 | #endif |
1014 | pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir); | 1015 | pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir); |
1015 | if (IS_ERR(pol)) { | 1016 | if (IS_ERR(pol)) { |
1016 | err = PTR_ERR(pol); | 1017 | err = PTR_ERR(pol); |
1017 | pol = NULL; | 1018 | pol = NULL; |
@@ -1537,7 +1538,7 @@ static int stale_bundle(struct dst_entry *dst); | |||
1537 | * At the moment we eat a raw IP route. Mostly to speed up lookups | 1538 | * At the moment we eat a raw IP route. Mostly to speed up lookups |
1538 | * on interfaces with disabled IPsec. | 1539 | * on interfaces with disabled IPsec. |
1539 | */ | 1540 | */ |
1540 | int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | 1541 | int __xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl, |
1541 | struct sock *sk, int flags) | 1542 | struct sock *sk, int flags) |
1542 | { | 1543 | { |
1543 | struct xfrm_policy *policy; | 1544 | struct xfrm_policy *policy; |
@@ -1575,10 +1576,10 @@ restart: | |||
1575 | if (!policy) { | 1576 | if (!policy) { |
1576 | /* To accelerate a bit... */ | 1577 | /* To accelerate a bit... */ |
1577 | if ((dst_orig->flags & DST_NOXFRM) || | 1578 | if ((dst_orig->flags & DST_NOXFRM) || |
1578 | !init_net.xfrm.policy_count[XFRM_POLICY_OUT]) | 1579 | !net->xfrm.policy_count[XFRM_POLICY_OUT]) |
1579 | goto nopol; | 1580 | goto nopol; |
1580 | 1581 | ||
1581 | policy = flow_cache_lookup(fl, dst_orig->ops->family, | 1582 | policy = flow_cache_lookup(net, fl, dst_orig->ops->family, |
1582 | dir, xfrm_policy_lookup); | 1583 | dir, xfrm_policy_lookup); |
1583 | err = PTR_ERR(policy); | 1584 | err = PTR_ERR(policy); |
1584 | if (IS_ERR(policy)) { | 1585 | if (IS_ERR(policy)) { |
@@ -1635,7 +1636,8 @@ restart: | |||
1635 | 1636 | ||
1636 | #ifdef CONFIG_XFRM_SUB_POLICY | 1637 | #ifdef CONFIG_XFRM_SUB_POLICY |
1637 | if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { | 1638 | if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { |
1638 | pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, | 1639 | pols[1] = xfrm_policy_lookup_bytype(net, |
1640 | XFRM_POLICY_TYPE_MAIN, | ||
1639 | fl, family, | 1641 | fl, family, |
1640 | XFRM_POLICY_OUT); | 1642 | XFRM_POLICY_OUT); |
1641 | if (pols[1]) { | 1643 | if (pols[1]) { |
@@ -1683,11 +1685,11 @@ restart: | |||
1683 | if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) { | 1685 | if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) { |
1684 | DECLARE_WAITQUEUE(wait, current); | 1686 | DECLARE_WAITQUEUE(wait, current); |
1685 | 1687 | ||
1686 | add_wait_queue(&init_net.xfrm.km_waitq, &wait); | 1688 | add_wait_queue(&net->xfrm.km_waitq, &wait); |
1687 | set_current_state(TASK_INTERRUPTIBLE); | 1689 | set_current_state(TASK_INTERRUPTIBLE); |
1688 | schedule(); | 1690 | schedule(); |
1689 | set_current_state(TASK_RUNNING); | 1691 | set_current_state(TASK_RUNNING); |
1690 | remove_wait_queue(&init_net.xfrm.km_waitq, &wait); | 1692 | remove_wait_queue(&net->xfrm.km_waitq, &wait); |
1691 | 1693 | ||
1692 | nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family); | 1694 | nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family); |
1693 | 1695 | ||
@@ -1781,10 +1783,10 @@ nopol: | |||
1781 | } | 1783 | } |
1782 | EXPORT_SYMBOL(__xfrm_lookup); | 1784 | EXPORT_SYMBOL(__xfrm_lookup); |
1783 | 1785 | ||
1784 | int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | 1786 | int xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl, |
1785 | struct sock *sk, int flags) | 1787 | struct sock *sk, int flags) |
1786 | { | 1788 | { |
1787 | int err = __xfrm_lookup(dst_p, fl, sk, flags); | 1789 | int err = __xfrm_lookup(net, dst_p, fl, sk, flags); |
1788 | 1790 | ||
1789 | if (err == -EREMOTE) { | 1791 | if (err == -EREMOTE) { |
1790 | dst_release(*dst_p); | 1792 | dst_release(*dst_p); |
@@ -1936,7 +1938,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, | |||
1936 | } | 1938 | } |
1937 | 1939 | ||
1938 | if (!pol) | 1940 | if (!pol) |
1939 | pol = flow_cache_lookup(&fl, family, fl_dir, | 1941 | pol = flow_cache_lookup(&init_net, &fl, family, fl_dir, |
1940 | xfrm_policy_lookup); | 1942 | xfrm_policy_lookup); |
1941 | 1943 | ||
1942 | if (IS_ERR(pol)) { | 1944 | if (IS_ERR(pol)) { |
@@ -1959,7 +1961,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, | |||
1959 | npols ++; | 1961 | npols ++; |
1960 | #ifdef CONFIG_XFRM_SUB_POLICY | 1962 | #ifdef CONFIG_XFRM_SUB_POLICY |
1961 | if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { | 1963 | if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { |
1962 | pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, | 1964 | pols[1] = xfrm_policy_lookup_bytype(&init_net, XFRM_POLICY_TYPE_MAIN, |
1963 | &fl, family, | 1965 | &fl, family, |
1964 | XFRM_POLICY_IN); | 1966 | XFRM_POLICY_IN); |
1965 | if (pols[1]) { | 1967 | if (pols[1]) { |
@@ -2049,7 +2051,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family) | |||
2049 | return 0; | 2051 | return 0; |
2050 | } | 2052 | } |
2051 | 2053 | ||
2052 | return xfrm_lookup(&skb->dst, &fl, NULL, 0) == 0; | 2054 | return xfrm_lookup(&init_net, &skb->dst, &fl, NULL, 0) == 0; |
2053 | } | 2055 | } |
2054 | EXPORT_SYMBOL(__xfrm_route_forward); | 2056 | EXPORT_SYMBOL(__xfrm_route_forward); |
2055 | 2057 | ||